Vulnerability Details CVE-2016-1365
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.5
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
- http://www.securityfocus.com/bid/92507
- http://www.securitytracker.com/id/1036634
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
- http://www.securityfocus.com/bid/92507
- http://www.securitytracker.com/id/1036634
Products affected by CVE-2016-1365
-
cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.0.10